CVE-2024-28219

Name
CVE-2024-28219
Description
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/
cve@mitre.org https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
py3-pillow 3.19-community 10.3.0-r0 Fabian Affolter <fabian@affolter-engineering.ch> fixed